Pc superlenta

Hola buenas tardes

Tengo un PC que me acaban de asignar en el trabajo el cual esta superlento, es desesperante, tarde 2 horas en realizar un trabajo que realizo en 30 min habitualmente.

Espero me puedan ayudar en la guia para realizar la limpieza de la misma.

Gracias

Hola @alipaht

[email protected] al Foro!!!

Comencemos con una desinfección:

1.- Desactiva temporalmente tu antivirus y cualquier programa de seguridad.

2.- Descarga, instala y/o actualiza a las siguientes herramientas:

3.- Ejecutas respetando el orden los pasos con todos los programas cerrados incluido los navegadores

CCleaner

Usando su opción Limpiador de acuerdo su Manual:

  • Para borrar Cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos.
  • Cuando lo instales destilda las casillas para no permitir la instalación de Ccleaner Browser/Avast Browser o similar…
  • NO necesitamos este reporte

AdwCleaner

Lo ejecutas.

  • Pulsa en el botón Escanear y espera a que se realice el proceso. Luego pulsa sobre el botón Limpiar.
  • Espera a que se complete. Si te pidiera reiniciar el sistema Aceptas.
  • Guarda el reporte que le aparecerá para copiarlo y pegarlo en tu próxima respuesta.
  • El informe también puede encontrarse en “C:\AdwCleaner\AdwCleaner.txt”

ZHPCleaner

  • Siguiendo su manual, lo instalas y ejecutas. Cuando termine, elimina todo lo que encuentre.

Malwarebytes Versión 4

  • Lo ejecutas siguiendo los pasos de su Manual.
  • Realizas un Análisis Personalizado
  • Revisa especialmente como salvar el reporte.

4.- Nota Importante:

En tu próxima respuesta debes pegar los reportes de AdwCleaner , ZHPCleaner y Malwarebytes.

Guía: ¿Como Pegar reportes en el Foro?

Nos comentas.

Salu2

Hola SanMar.

Muchas gracia spor el apoyo a simple vista ya PC ya se siente mas ligera y agil , pero al paso del tiempo vuelve a alentarse y tengo que reiniciarla para que pueda trabajar bien.

Adjunto los codigos solicitados, por algun motivo el ZHPCleaner no me permite copiar el codigo me aparece error.

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build:    04-03-2020
# Database: 2020-04-03.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-29-2020
# Duration: 00:00:18
# OS:       Windows 10 Enterprise
# Cleaned:  2
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\SOFTWARE\Classes\WTempEx.BOBrowser
Deleted       HKLM\SOFTWARE\Classes\WTempEx.BOBrowser.1

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1522 octets] - [29/04/2020 16:52:28]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########[/code]

Malwarebytes

www.malwarebytes.com

-Log Details-
Scan Date: 4/29/20
Scan Time: 7:51 PM
Log File: c7c8897a-8a7c-11ea-b894-c4346b7a9628.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.889
Update Package Version: 1.0.23162
License: Free

-System Information-
OS: Windows 10 (Build 18362.720)
CPU: x64
File System: NTFS
User: HALAMERICA\H243170

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 707044
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 15 min, 57 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Hola @alipaht

Tranquilo que aun no hemos hecho nada.

Vuelve a ejecutar Malwarebytes, revisa el Manual que te deje que debes hacer un Análisis Personalizado seleccionando todas las Unidades de tu equipo.

Y pega el reporte que te falta de ZHP en tu próxima respuesta, seguramente el error fue por que tenias ya dos reportes.


Ademas realiza lo siguiente:

1.- Desactiva temporalmente tu antivirus y cualquier programa de seguridad.

2.- Descarga Farbar Recovery Scan Tool. en el escritorio, seleccionando la versión adecuada para la arquitectura (32 o 64bits) de su equipo. >> Como saber si mi Windows es de 32 o 64 bits.?

  • Ejecuta FRST.exe.
  • En el mensaje de la ventana del Disclaimer, pulsamos Yes
  • En la ventana principal pulsamos en el botón Scan/Analizar y esperamos a que concluya el proceso.
  • Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Guía: Como Ejecutar FRST

3.- En tu próxima respuesta, pega los reportes generados.

Guía : ¿Como Pegar reportes en el Foro?

Esperamos esos reporte.

Salu2

Hola SanMar buenas tardes

Volví a ejecutar el ZHP y no me permite entrar al report. Aparece una ventana emergente que dice que no encontro el fichero. Aparece un numero 7 a un costado del icono con la bombilla.

adjunto los otros 2:

Malwarebytes

www.malwarebytes.com

-Log Details-
Scan Date: 5/1/20
Scan Time: 9:02 AM
Log File: 76eefbfe-8bb4-11ea-a3b5-c4346b7a9628.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.889
Update Package Version: 1.0.23162
License: Free

-System Information-
OS: Windows 10 (Build 18362.720)
CPU: x64
File System: NTFS
User: HALAMERICA\H243170

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 517777
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 hr, 17 min, 46 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

FRST

FRST.txt (42,6 KB)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-04-2020
Ran by H243170 (01-05-2020 17:07:44)
Running from C:\Users\h243170\Downloads
Windows 10 Enterprise Version 1903 18362.720 (X64) (2020-02-15 11:30:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1593338273-1970461741-117478476-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1593338273-1970461741-117478476-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1593338273-1970461741-117478476-1000 - Limited - Disabled)
defaultuser1 (S-1-5-21-1593338273-1970461741-117478476-1012 - Limited - Enabled) => C:\Users\defaultuser1.DKTP475832.005
Guest (S-1-5-21-1593338273-1970461741-117478476-501 - Limited - Disabled)
Halliburton (S-1-5-21-1593338273-1970461741-117478476-1002 - Administrator - Enabled) => C:\Users\Halliburton
WDAGUtilityAccount (S-1-5-21-1593338273-1970461741-117478476-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\{2595E6DD-D6D4-42FC-80A8-6A711EBEC344}) (Version: 12.2.7.197 - Adobe Systems, Inc)
Carbon Black Sensor (HKLM-x32\...\{2ADD03FC-5CBA-4BF7-A20B-5CD5B2EA3F4A}) (Version: 6.1.9.81012 - Carbon Black, Inc)
CCleaner (HKLM\...\CCleaner) (Version: 5.65 - Piriform)
Configuration Manager Client (HKLM\...\{2CE44167-3417-4A08-9CC3-9D7D9B5C9AE9}) (Version: 5.00.8913.1000 - Microsoft Corporation) Hidden
Google Chrome (HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\Google Chrome) (Version: 81.0.4044.129 - Google LLC)
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1050 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5063 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Landmark Engineer’s Desktop 5000.14.0 – Third Party Components (HKLM-x32\...\{6195040C-DDE9-4BE7-83A9-FB1440085271}) (Version: 5000.14.0 - Landmark Graphics)
Landmark Engineer's Desktop 5000.14 (HKLM\...\{30BCA381-21C0-4924-B717-5159C90B3557}) (Version: 5000.14.1 - Landmark Graphics)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{62D2F823-0EAA-496D-B0F9-A869BFC51550}) (Version: 8.05.2312 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{0EEBDCCA-EF5D-4896-9FEA-D7D410A57E8A}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27024 (HKLM-x32\...\{5fb2083a-f3cc-4b78-93ff-bd9788b5de01}) (Version: 14.16.27024.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27024 (HKLM-x32\...\{2ff11a2a-f7ac-4a6c-8cd4-c7bb974f3642}) (Version: 14.16.27024.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31119 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Phish Alert (HKLM-x32\...\{F3E990F3-6238-4294-97E6-DD252C1F2BCB}) (Version: 1.2.45 - KnowBe4)
Pulse Secure (HKLM\...\{0E5D0DD7-7AAD-48D8-95AF-22E3EFA65097}) (Version: 5.3.587 - Pulse Secure, LLC) Hidden
Pulse Secure 5.3 (HKLM-x32\...\Pulse Secure 5.3) (Version: 5.3.587 - Pulse Secure, LLC)
Radmin Server 3.5.2 (HKLM-x32\...\{1B704FD1-C00F-482F-8997-82F2F19E10E7}) (Version: 3.52.1.0000 - Famatech)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
SAP Business Explorer (HKLM-x32\...\SAPBI) (Version: 7.60 - SAP SE)
SAP GUI for Windows 7.60  (Patch 4) (HKLM-x32\...\SAPGUI) (Version: 7.60 Compilation 1 - SAP SE)
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
Symantec Endpoint Protection (HKLM\...\{CE73BCF2-8C36-4CCD-9331-5CCD2F987706}) (Version: 14.2.5323.2000 - Symantec Corporation)
Update for Skype for Business 2016 (KB4484245) 32-Bit Edition (HKLM-x32\...\{90160000-0011-0000-0000-0000000FF1CE}_Office16.PROPLUS_{4664AD2C-8286-49DC-90D2-5AA24C49164E}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4484245) 32-Bit Edition (HKLM-x32\...\{90160000-002A-0000-1000-0000000FF1CE}_Office16.PROPLUS_{4664AD2C-8286-49DC-90D2-5AA24C49164E}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4484245) 32-Bit Edition (HKLM-x32\...\{90160000-012B-0409-0000-0000000FF1CE}_Office16.PROPLUS_{4664AD2C-8286-49DC-90D2-5AA24C49164E}) (Version:  - Microsoft)
Vintela Authentication SSO for SAP (HKLM-x32\...\{D58E9CBE-DF84-4BA6-9B32-0103331BADB5}) (Version: 1.01.0000 - Quest Software)
Yammer (HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\yammerdesktop) (Version: 3.4.3 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin64\vpshell2.dll [2019-11-09] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin64\vpshell2.dll [2019-11-09] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-11-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin64\vpshell2.dll [2019-11-09] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-29] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\h243170\Desktop\EDM AutoSync Client.lnk -> C:\Landmark\EDT_5000.14\AutoSync\bin\autosync_client.bat ()
Shortcut: C:\Users\h243170\Desktop\OpenWells.lnk -> C:\Landmark\EDT_5000.14\OpenWells\Bin\RunOpenWells.bat ()
Shortcut: C:\Users\Public\Desktop\EDM to OpenWorks Link.lnk -> C:\Landmark\EDT_5000.14\EDM\EDM to OpenWorks\EDMtoOpenWorks.bat ()

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{5CA4F88D-67B7-46CE-9653-5A17519F66F0}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\//security_MMC.exe -> //security_MMC.exe
IE trusted site: HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\activelearner.com -> activelearner.com
IE trusted site: HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\airsecurity.com -> airsecurity.com
IE trusted site: HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\airsecurity.com -> hxxps://airsecurity.com
IE trusted site: HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\corp.halliburton.com -> hounfse700.corp.halliburton.com
IE trusted site: HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\ddiworld.com -> ddiworld.com
IE trusted site: HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\gohalliburton.com -> gohalliburton.com
IE trusted site: HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\halliburton.jobs -> halliburton.jobs
IE trusted site: HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\halliburton.sabanow.net -> halliburton.sabanow.net
IE trusted site: HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\halliburtonc.sabanow.net -> halliburtonc.sabanow.net
IE trusted site: HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\houebiz056 -> houebiz056
IE trusted site: HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\ipims.com -> ipims.com
IE trusted site: HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\knowledgepak.com -> knowledgepak.com
IE trusted site: HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\np1cmpr002 -> hxxp://np1cmpr002
IE trusted site: HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\outtask.com -> outtask.com
IE trusted site: HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\plateau.com -> plateau.com
IE trusted site: HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\sapsf.com -> sapsf.com
IE trusted site: HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\sharepoint.com -> halliburton.sharepoint.com
IE trusted site: HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\successfactors.com -> successfactors.com
IE trusted site: HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\...\thomsonreuters.com -> cpe.checkpointlearning.thomsonreuters.com

There are 1 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 18:38 - 2018-04-11 18:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-8740799-2134930118-1361462980-1357751\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 34.34.132.1 - 34.36.132.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 4) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Juniper Network Service -> jnprns (enabled) 

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{2365687F-1BC5-4123-916B-5D9C09D21F7A}C:\program files (x86)\microsoft office\office16\lync.exe] => (Block) C:\program files (x86)\microsoft office\office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{FEB7E66E-D6DC-49DE-89CB-42D5B7004EEB}C:\program files (x86)\microsoft office\office16\lync.exe] => (Block) C:\program files (x86)\microsoft office\office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{2610890A-87FE-43E6-8AE1-C3B599342FF9}C:\program files (x86)\microsoft office\office16\lync.exe] => (Allow) C:\program files (x86)\microsoft office\office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{0E0584FD-02BB-4421-A453-12B2BCFB4CC6}C:\program files (x86)\microsoft office\office16\lync.exe] => (Allow) C:\program files (x86)\microsoft office\office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{0411F6A0-9DB8-4A04-8A62-CCE04FCED5FB}C:\landmark\edt_5000.14\common files\jdk\jre\bin\javaw.exe] => (Allow) C:\landmark\edt_5000.14\common files\jdk\jre\bin\javaw.exe
FirewallRules: [TCP Query User{E9EEB7BB-414D-44C4-B4AA-97AA0CA9E612}C:\landmark\edt_5000.14\common files\jdk\jre\bin\javaw.exe] => (Allow) C:\landmark\edt_5000.14\common files\jdk\jre\bin\javaw.exe
FirewallRules: [{3DDB51A9-C361-48DA-8430-3BC3B1808345}] => (Allow) C:\WINDOWS\SysWOW64\rserver30\rserver3.exe (Famatech Corp. -> Famatech Corp.)
FirewallRules: [{EB856908-9641-4146-9AAE-A55AE0876126}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4AC7CC28-5D88-4D93-B882-283876DFF2A3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8A2F6C18-C59A-4083-996C-2A692F069B57}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A4623224-AE2F-4D20-8A3C-A9E0AAB9E8BC}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{18B65B37-D9B1-46E6-81E0-9CE31E84397C}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\ccSvcHst.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{0850DB02-BAE1-4F2D-8508-339C45E52813}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\ccSvcHst.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{6A10B56B-6AF4-4232-908B-F229786C3A53}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin64\snac64.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{07F8772E-0458-403B-80DE-E2D15582636E}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin64\snac64.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [TCP Query User{3BD8EA1F-BA33-46B0-8981-A1F765A62F00}C:\landmark\edt_5000.14\common files\jdk\jre\bin\javaw.exe] => (Block) C:\landmark\edt_5000.14\common files\jdk\jre\bin\javaw.exe
FirewallRules: [UDP Query User{91B5FA0A-BC86-4173-A96E-A5AED0429756}C:\landmark\edt_5000.14\common files\jdk\jre\bin\javaw.exe] => (Block) C:\landmark\edt_5000.14\common files\jdk\jre\bin\javaw.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:460.49 GB) (Free:289.68 GB) (63%)
Check "VSS" service


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/01/2020 05:15:07 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5580,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/01/2020 04:49:06 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found! WS.Reputation.1 in File: C:\Users\h243170\Downloads\FRST64.exe by: Auto-Protect scan.  Action: Leave Alone succeeded.  Action Description: The file was left unchanged.

Error: (05/01/2020 04:20:37 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9632,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/01/2020 04:14:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0x5d65fb6a
Faulting module name: StartUI.dll, version: 10.0.18362.449, time stamp: 0x5dac238d
Exception code: 0xc0000409
Fault offset: 0x00000000002c7a1f
Faulting process id: 0x22f0
Faulting application start time: 0x01d61feb4273c001
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Faulting module path: C:\Windows\ShellExperiences\StartUI.dll
Report Id: 6bdf5758-6a4f-49a6-ba7b-6bd3e9213bd7
Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (05/01/2020 03:15:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program javaw.exe version 6.0.270.7 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2804

Start Time: 01d61febc2748c2f

Termination Time: 4294967295

Application Path: C:\Landmark\EDT_5000.14\Common Files\JDK\jre\bin\javaw.exe

Report Id: 7a1433e1-7dde-4421-86e6-a2a1cb6318f8

Faulting package full name: 

Faulting package-relative application ID: 

Hang type: Top level window is idle

Error: (05/01/2020 03:13:27 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11680,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/01/2020 03:03:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program lync.exe version 16.0.4978.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2c3c

Start Time: 01d61feb6ffe9693

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Microsoft Office\Office16\lync.exe

Report Id: f89a733c-0795-40f6-927a-8f996f3dc22f

Faulting package full name: 

Faulting package-relative application ID: 

Hang type: Unknown

Error: (05/01/2020 02:59:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 10.0.18362.1, time stamp: 0x8ceb427f
Faulting module name: PolicyAgentEndpoint.dll, version: 5.0.8913.1012, time stamp: 0x5df5f85b
Exception code: 0xc0000005
Fault offset: 0x000000000000f3e6
Faulting process id: 0x2dec
Faulting application start time: 0x01d61fef7497cb49
Faulting application path: C:\Windows\System32\rundll32.exe
Faulting module path: C:\WINDOWS\CCM\PolicyAgentEndpoint.dll
Report Id: 85a3c988-0cf2-4d3d-93b1-2d42f2860185
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (05/01/2020 02:59:40 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B07C1D3E-637B-4C71-BC2F-06665F376A59} did not register with DCOM within the required timeout.

Error: (05/01/2020 02:01:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:21:20 PM on ‎5/‎1/‎2020 was unexpected.

Error: (05/01/2020 11:42:46 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Audiosrv service.

Error: (05/01/2020 11:42:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Audiosrv service.

Error: (05/01/2020 11:41:46 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Audiosrv service.

Error: (05/01/2020 11:40:05 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Audiosrv service.

Error: (05/01/2020 11:39:35 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Audiosrv service.

Error: (05/01/2020 11:38:04 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Audiosrv service.


CodeIntegrity:
===================================

Date: 2020-05-01 16:52:40.420
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\WSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-05-01 16:52:40.417
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\WSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-05-01 16:47:43.035
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\WSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-05-01 16:47:43.025
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\WSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-05-01 14:05:36.399
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\WSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-05-01 14:05:36.396
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\WSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-05-01 14:05:34.658
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\WSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-05-01 14:05:34.653
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.5323.2000.105\Bin\WSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

BIOS: Hewlett-Packard L01 v02.33 07/15/2014
Motherboard: Hewlett-Packard 1998
Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 81%
Total physical RAM: 4007.51 MB
Available physical RAM: 747.36 MB
Total Virtual: 10663.51 MB
Available Virtual: 5262.67 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:460.49 GB) (Free:289.68 GB) NTFS
Drive d: (Aliphat Externo 640 GB) (Fixed) (Total:596.17 GB) (Free:135.3 GB) NTFS
Drive g: (ALIPHAT) (Removable) (Total:3.61 GB) (Free:0.95 GB) FAT32

\\?\Volume{a42c5e8e-31a9-4705-89eb-ef106db1bd4e}\ (Recovery) (Fixed) (Total:4.65 GB) (Free:4.25 GB) NTFS
\\?\Volume{e113b7fe-1f22-4192-9af5-2ecc98caa18b}\ () (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================

Hola @alipaht

Tenemos un problema:

Ran by H243170 (ATTENTION: The user is not administrator) on DKTP475832

No podemos hacer mucho si no es desde una cuenta con Derechos de Administrador.

Ademas en el reporte menciona los otros usuarios:

Loaded Profiles: SVC_MX_IXACHI2001 & H243170 (Available Profiles: Halliburton & defaultuser1 & H184346 & H188385 & H210900 & H219942 & H226636 & SVC_MX_IXACHI1101 & SVC_MX_IXACHI2001 & H237718 & H238298 & H243170 & HB30963 & H113478a)

Esto es un equipo de organización, empresa o laboral?

Nos comentas.

Salu2

Yo tengo el user y id del admin, de hecho para instalar todas las aplicaciones tuve que aprobar con el user y id del admin.

Y hay varios usuarios en la computadora es de empresa.

Hola @alipaht

Aunque tengas el ID, si no corremos FRST desde la cuenta con Derechos de Administrador el Fix no se ejecutara.

Ademas no podemos dar soporte a Empresas, deberías contactar a el Servicio/ Soporte Técnico de la misma, ya que tienes configuraciones particulares.

Salu2